Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-28252
HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-28252

2023-04-1121:15:25
NVD-CWE-noinfo
[email protected]
web.nvd.nist.gov
723
In Wild
4
cve-2023-28252
windows
common log file
system driver
elevation
privilege
vulnerability
nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.0%

JSON

Windows Common Log File System Driver Elevation of Privilege Vulnerability

VendorProductVersionCPE
microsoftwindows_10_1809*cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
microsoftwindows_server_2019*cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
microsoftwindows_server_2019*cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
microsoftwindows_server_2022*cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
microsoftwindows_10_20h2*cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
microsoftwindows_11_21h2*cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
microsoftwindows_10_21h2*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
microsoftwindows_11_22h2*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
microsoftwindows_10_22h2*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
microsoftwindows_10_1507*cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

Social References

More

Related

hivepro 1
githubexploit 4
zdt 1
prion 1
metasploit 1
attackerkb 1
mscve 1
packetstorm 1
cisa_kev 1
securelist 9
wizblog 1
qualysblog 4
thn 2
talosblog 2
avleonov 2
malwarebytes 1
krebs 1
trellix 2
rapid7blog 3
nessus 11
mskb 15
kaspersky 2
openvas 8
hivepro
hivepro
Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware
2023-04-12 11:17:33
githubexploit
githubexploit
Exploit for Vulnerability in Microsoft
2024-01-01 15:30:33
Exploit for Vulnerability in Microsoft
2024-01-22 10:38:02
Exploit for Vulnerability in Microsoft
2023-06-27 12:22:05
zdt
zdt
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
2023-09-14 00:00:00
prion
prion
Privilege escalation
2023-04-11 21:15:00
metasploit
metasploit
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
2023-07-28 07:43:37
attackerkb
attackerkb
CVE-2023-28252
2023-04-11 00:00:00
mscve
mscve
Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 07:00:00
packetstorm
packetstorm
Windows Common Log File System Driver (clfs.sys) Privilege Escalation
2023-09-14 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
2023-04-11 00:00:00
securelist
securelist
IT threat evolution in Q2 2023
2023-08-30 10:00:05
Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)
2023-12-21 10:00:01
Nokoyawa ransomware attacks with Windows zero-day
2023-04-11 17:36:20
wizblog
wizblog
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
2023-04-13 19:20:20
qualysblog
qualysblog
Combine Qualys TruRisk™ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
2024-03-25 15:44:18
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
thn
thn
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
2023-12-26 07:26:00
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
2023-04-12 06:38:00
talosblog
talosblog
Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole
2023-04-13 18:00:40
Microsoft Patch Tuesday for April 2023 — Snort rules and prominent vulnerabilities
2023-04-11 19:28:27
avleonov
avleonov
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
2023-04-23 23:11:58
Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP
2023-04-27 22:03:04
malwarebytes
malwarebytes
Update now! April’s Patch Tuesday includes a fix for one zero-day
2023-04-12 10:00:00
krebs
krebs
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
2023-04-12 00:06:51
trellix
trellix
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
rapid7blog
rapid7blog
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
2023-12-29 19:38:15
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
Patch Tuesday - April 2023
2023-04-11 22:49:56
nessus
nessus
KB5025273: Windows Server 2008 Security Update (April 2023)
2023-04-11 00:00:00
KB5025277: Windows Server 2008 R2 Security Update (April 2023)
2023-04-11 00:00:00
KB5025234: Windows 10 LTS 1507 Security Update (April 2023)
2023-04-11 00:00:00
mskb
mskb
April 11, 2023—KB5025273 (Security-only update)
2023-04-11 07:00:00
April 11, 2023—KB5025271 (Monthly Rollup)
2023-04-11 07:00:00
April 11, 2023—KB5025277 (Security-only update)
2023-04-11 07:00:00
kaspersky
kaspersky
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
KLA48845 Multiple vulnerabilities in Microsoft Windows
2023-04-11 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5025279)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025234)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025221)
2023-04-12 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

0.026 Low

EPSS

Percentile

90.0%

JSON
Related for CVE-2023-28252
hivepro1githubexploit4zdt1prion1metasploit1attackerkb1mscve1packetstorm1cisa_kev1securelist9wizblog1qualysblog4thn2talosblog2avleonov2malwarebytes1krebs1trellix2rapid7blog3nessus11mskb15kaspersky2openvas8